From ef6cba0b3635fc99eb658ecd4a29cf63bb234cb6 Mon Sep 17 00:00:00 2001
From: Tim Allclair
Date: Thu, 3 Jan 2019 11:13:28 -0800
Subject: [PATCH] Always set content-type & nosniff

---
 cmd/kube-proxy/app/server.go | 2 ++
 cmd/kube-scheduler/app/server.go | 2 ++
 pkg/controller/garbagecollector/dump.go | 2 ++
 pkg/proxy/healthcheck/healthcheck.go | 2 ++
 pkg/util/configz/configz.go | 1 +
 staging/src/k8s.io/apiserver/pkg/server/routes/flags.go | 1 +
 6 files changed, 10 insertions(+)

diff --git a/cmd/kube-proxy/app/server.go b/cmd/kube-proxy/app/server.go
index 1b95d0ea4ae..f04d9568c89 100644
--- a/cmd/kube-proxy/app/server.go
+++ b/cmd/kube-proxy/app/server.go
@@ -552,6 +552,8 @@ func (s *ProxyServer) Run() error {
 	proxyMux := mux.NewPathRecorderMux("kube-proxy")
 	healthz.InstallHandler(proxyMux)
 	proxyMux.HandleFunc("/proxyMode", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "text/plain; charset=utf-8")
+		w.Header().Set("X-Content-Type-Options", "nosniff")
 		fmt.Fprintf(w, "%s", s.ProxyMode)
 	})
 	proxyMux.Handle("/metrics", legacyregistry.Handler())
diff --git a/cmd/kube-scheduler/app/server.go b/cmd/kube-scheduler/app/server.go
index 51ee49f723d..4afc031da58 100644
--- a/cmd/kube-scheduler/app/server.go
+++ b/cmd/kube-scheduler/app/server.go
@@ -299,6 +299,8 @@ func installMetricHandler(pathRecorderMux *mux.PathRecorderMux) {
 	pathRecorderMux.HandleFunc("/metrics", func(w http.ResponseWriter, req *http.Request) {
 		if req.Method == "DELETE" {
 			metrics.Reset()
+			w.Header().Set("Content-Type", "text/plain; charset=utf-8")
+			w.Header().Set("X-Content-Type-Options", "nosniff")
 			io.WriteString(w, "metrics reset\n")
 			return
 		}
diff --git a/pkg/controller/garbagecollector/dump.go b/pkg/controller/garbagecollector/dump.go
index 456877f1271..5abe0f84c5e 100644
--- a/pkg/controller/garbagecollector/dump.go
+++ b/pkg/controller/garbagecollector/dump.go
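Review bot: In the kube-scheduler hunk the new nosniff header is set only inside the `req.Method == "DELETE"` branch, so the non-DELETE path, which continues past the end of the hunk, does not get it unless whatever that path delegates to sets it itself. If the intent is the one in the commit title, moving `w.Header().Set("X-Content-Type-Options", "nosniff")` above the method check covers both branches; the `text/plain; charset=utf-8` Content-Type should stay in the DELETE branch, since the other path presumably writes its own. installMetricHandler's handler body continues outside the hunk, so the delegation target is not visible here.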
@@ -273,6 +273,8 @@ func (h *debugHTTPHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
+	w.Header().Set("Content-Type", "text/vnd.graphviz")
+	w.Header().Set("X-Content-Type-Options", "nosniff")
 	w.Write(data)
 	w.WriteHeader(http.StatusOK)
 }
diff --git a/pkg/proxy/healthcheck/healthcheck.go b/pkg/proxy/healthcheck/healthcheck.go
index 348ca311f8d..99d9904b5c7 100644
--- a/pkg/proxy/healthcheck/healthcheck.go
+++ b/pkg/proxy/healthcheck/healthcheck.go
@@ -210,6 +210,7 @@ func (h hcHandler) ServeHTTP(resp http.ResponseWriter, req *http.Request) {
 	h.hcs.lock.RUnlock()
 
 	resp.Header().Set("Content-Type", "application/json")
+	resp.Header().Set("X-Content-Type-Options", "nosniff")
 	if count == 0 {
 		resp.WriteHeader(http.StatusServiceUnavailable)
 	} else {
@@ -338,6 +339,7 @@ func (h healthzHandler) ServeHTTP(resp http.ResponseWriter, req *http.Request) {
 	currentTime := h.hs.clock.Now()
 
 	resp.Header().Set("Content-Type", "application/json")
+	resp.Header().Set("X-Content-Type-Options", "nosniff")
 	if !lastUpdated.IsZero() && currentTime.After(lastUpdated.Add(h.hs.healthTimeout)) {
 		resp.WriteHeader(http.StatusServiceUnavailable)
 	} else {
diff --git a/pkg/util/configz/configz.go b/pkg/util/configz/configz.go
index 5bb192637e3..869af648bee 100644
--- a/pkg/util/configz/configz.go
+++ b/pkg/util/configz/configz.go
@@ -118,6 +118,7 @@ func write(w http.ResponseWriter) error {
 		return fmt.Errorf("error marshaling json: %v", err)
 	}
 	w.Header().Set("Content-Type", "application/json")
+	w.Header().Set("X-Content-Type-Options", "nosniff")
 	_, err = w.Write(b)
 	return err
 }
diff --git a/staging/src/k8s.io/apiserver/pkg/server/routes/flags.go b/staging/src/k8s.io/apiserver/pkg/server/routes/flags.go
index a03b80d3ce7..be1077a8808 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/routes/flags.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/routes/flags.go
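Review bot: In the dump.go hunk the two new header lines are followed by `w.Write(data)` and only then `w.WriteHeader(http.StatusOK)`; the first Write already commits the status (200) and the header map, so the trailing WriteHeader is a no-op that net/http reports as a superfluous WriteHeader call. Either drop that line or move it ahead of the write: `w.WriteHeader(http.StatusOK)` then `w.Write(data)`. The new Content-Type and nosniff lines are placed before the first Write, so they do take effect. The healthcheck and configz hunks on this line set the headers before their WriteHeader/Write and need no change.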
@@ -121,6 +121,7 @@ func StringFlagPutHandler(setter StringFlagSetterFunc) http.HandlerFunc {
 // writePlainText renders a simple string response.
 func writePlainText(statusCode int, text string, w http.ResponseWriter) {
 	w.Header().Set("Content-Type", "text/plain")
+	w.Header().Set("X-Content-Type-Options", "nosniff")
 	w.WriteHeader(statusCode)
 	fmt.Fprintln(w, text)
 }
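Review bot: writePlainText keeps `Content-Type: text/plain` with no charset, while the kube-proxy and kube-scheduler hunks in this same patch use `text/plain; charset=utf-8`; `text` here presumably carries messages from flag setters, which may include non-ASCII, and without a charset the client is left to guess. Changing the context line to `w.Header().Set("Content-Type", "text/plain; charset=utf-8")` makes the three plain-text responses agree. The new nosniff line is correctly placed before WriteHeader.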